Skip to content

HTTP API to download/browse artifacts

The URL endpoints to retrieve files and artifacts are not part of the normal API, they live outside of the /api/ namespace. But they can be used with an API token too.

Common features to all end points

The request can be authenticated in 3 ways :

  • user or worker authenticated with an API token (provided in the "Token" HTTP header)
  • user authenticated with a cookie (set with the Django session)
  • no authentication at all

The API token takes precedence over the user cookie when both are present.

When there's no authentication, the request can only succeed if the artifact is part of a public workspace. Otherwise, if the artifact is private, the user is redirected to the user login page (with a query parameter indicating the private URL where it needs to be redirected after login).

When a worker is authenticated, the request always succeed.

When a user is authenticated, the request can only succeed if they are part of the workspace associated to the artifact or if that workspace is public.

There are various failure modes:

  • Returns HTTP 404 when the artifact id does not exist
  • Returns HTTP 307 temp redirect to the login page when the artifact is private and there's no authentication information
  • Returns HTTP 403 Permission Denied, when the user is authenticated but they don't have permission to access said artifact.

GET /a/$ARTIFACT_ID/($SUBDIR/)?

Returns an HTML page listing all the files and directories that are (recursively) part of $SUBDIR. The files and directories are hyperlinks pointing to URL where the files can be downloaded and the directories browsed. Each file is listed with its size and checksums. If the number of entries is bigger than 50, then the result is paginated.

If you pass the "archive" GET parameter with a value of "tar.gz", then the request returns a tar.gz file containing all the files that it would have listed in the HTML page (excluding the pagination, so it returns all the files even if there are more than 50 files).

There are supplementary failure modes:

  • Returns HTTP 404 when the sub-directory does not exist
  • Returns HTTP 400 Bad request when the value of the "archive" GET parameter is unsupported.

GET /a/$ARTIFACT_ID/$PATH_FILE

Returns the content of the file identified by $PATH_FILE within the artifact. This request must support the "Range" header and provide HTTP 206 Partial content answers providing only the requested range. Some of the files are expected to be very big and it's important to be able to resume an interrupted download.

There are supplementary failure modes:

  • Returns HTTP 404 when the file does not exist
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information